This project is an Authentication system built using Node.js, Express, and Redis along with a frontend user interface developed using React, Tailwind CSS, Axios, and React Router. It incorporates session handling, rate limiting, account lockout, and logging to enhance security.
- Overview
- Features
- Prerequisites
- Installation
- Configuration
- Usage
- Endpoints
- Security Measures
- Logging
This project is built using React, Tailwind CSS, Axios, React Router, Express, Redis, Rate Limiter, and Logging functionalities. It provides a secure and user-friendly system for user registration, login, and authentication.
- Express Session: Handles user authentication and stores session data in a Redis database.
- Rate Limiting: Protects against brute force attacks by limiting the number of requests from a single IP.
- Account Lockout: Temporarily locks user accounts after a specified number of failed login attempts.
- Logging: Records security events and errors to a log file for analysis.
- React UI: Provides an intuitive and interactive interface for users to interact with the authentication system.
-
Clone the repository:
git clone https://github.com/Meeraswamy/authAPI.git cd authAPI
-
Create a config.js file in the project root directory and Update the file according to your environment.
// config.js module.exports = { session: { secret: 'your_session_secret', // replace it with your session secret resave: false, saveUninitialized: true, cookie: { secure: false, maxAge:60000, httpOnly:false, sameSite:'none'}, // Set secure to true if you are using HTTPS and maxAge of your choice. }, mongodb: { uri: 'your_mongodb_uri', }, env: { port: 3000, }, corsConfig:{ origin:'your client address', credentials:true, methods:["GET","POST"], // allowed methods allowedHeaders: ['Content-Type'], // allowed headers } };
-
create a .env file in the client root directory and update the file according to your server URL
SERVER_URL= your server URL
-
Start the server
node index.js
-
Start the client
npm run dev
-
Your authentication API is now running at
http://localhost:3000(or another specified port) and the client app is now running athttp://localhost:5173.
- Register:
POST /register
- Login:
POST /login
- Logout:
GET /logout
- Additional endpoints as needed.
- Home: Home page component.
- Register: Register component implements a registration form where users can sign up for new accounts. Upon submission it sends a POST request to the
\registerendpoint of the API and receives the session cookie and user details which will be stored in local storage of the Browser. - Login: Login component implements login form for users to sing in to their accounts. Upon submission it sends a POST request to the
\loginendpoint of the API and receives the session cookie and user details which will be stored in local storage of the Browser. - Dashboard: Simple component that says Hello to the authenticated users. It is only accessible after successful login into the user account. It has a button logout which calls the
\logoutendpoint of the API to logout and destroy the user session.
- Sessions are stored securely in a Redis database.
- Note: Make sure to follow cookie security practices by setting flags such as
secure,httpOnly,sameSiteand optionally specifyingdomainandpath.
- Rate limiting is implemented to prevent brute force attacks.
- Configurable thresholds to adjust the level of protection.
- Temporary lockout of user accounts after a specified number of failed login attempts.
- Enhances security by preventing continuous login attempts.
- Security events and errors are logged to a designated log file.
- Logging provides a trail for analyzing security incidents.